tor-browser

The Tor Browser

nssoptions.c (4353B)


      1 /*
      2 * NSS utility functions
      3 *
      4 * This Source Code Form is subject to the terms of the Mozilla Public
      5 * License, v. 2.0. If a copy of the MPL was not distributed with this
      6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      7 
      8 #include <ctype.h>
      9 #include <string.h>
     10 #include <assert.h>
     11 
     12 #include "seccomon.h"
     13 #include "secoidt.h"
     14 #include "secoid.h"
     15 #include "nss.h"
     16 #include "nssoptions.h"
     17 #include "secerr.h"
     18 
/*
 * Storage for the library-wide NSS option values. Each field backs one
 * option identifier handled by NSS_OptionSet() / NSS_OptionGet(); the
 * identifier is noted next to the field. Both functions touch the single
 * file-scope instance below directly, with no locking visible in this file.
 */
struct nssOps {
    PRInt32 rsaMinKeySize;            /* NSS_RSA_MIN_KEY_SIZE */
    PRInt32 dhMinKeySize;             /* NSS_DH_MIN_KEY_SIZE */
    PRInt32 dsaMinKeySize;            /* NSS_DSA_MIN_KEY_SIZE */
    PRInt32 tlsVersionMinPolicy;      /* NSS_TLS_VERSION_MIN_POLICY */
    PRInt32 tlsVersionMaxPolicy;      /* NSS_TLS_VERSION_MAX_POLICY */
    PRInt32 dtlsVersionMinPolicy;     /* NSS_DTLS_VERSION_MIN_POLICY */
    PRInt32 dtlsVersionMaxPolicy;     /* NSS_DTLS_VERSION_MAX_POLICY */
    PRInt32 pkcs12DecodeForceUnicode; /* __NSS_PKCS12_DECODE_FORCE_UNICODE */
    PRInt32 defaultLocks;             /* NSS_DEFAULT_LOCKS */
    PRInt32 keySizePolicyFlags;       /* NSS_KEY_SIZE_POLICY_{,SET_,CLEAR_}FLAGS */
    PRInt32 eccMinKeySize;            /* NSS_ECC_MIN_KEY_SIZE */
};

/*
 * Built-in defaults. Fields are named explicitly so that a default cannot
 * silently land in the wrong slot if the struct layout is ever reordered;
 * the values are the same ones, in the same slots, as a positional list.
 */
static struct nssOps nss_ops = {
    .rsaMinKeySize = SSL_RSA_MIN_MODULUS_BITS,
    .dhMinKeySize = SSL_DH_MIN_P_BITS,
    .dsaMinKeySize = SSL_DSA_MIN_P_BITS,
    /* TLS min is set to less than the smallest legal SSL value ... */
    .tlsVersionMinPolicy = 1,
    /* ... and TLS max to more than the largest legal SSL value. */
    .tlsVersionMaxPolicy = 0xffff,
    /* DTLS uses the same 1 / 0xffff pair (presumably for the same reason). */
    .dtlsVersionMinPolicy = 1,
    .dtlsVersionMaxPolicy = 0xffff,
    .pkcs12DecodeForceUnicode = PR_FALSE,
    .defaultLocks = 0,
    .keySizePolicyFlags = NSS_KEY_SIZE_POLICY_ALL_FLAGS,
    .eccMinKeySize = SSL_ECC_MIN_CURVE_BITS
};
     46 
/*
 * Change one NSS option.
 *
 * which: option identifier (one of the NSS_* / __NSS_* cases below).
 * value: new value; for NSS_KEY_SIZE_POLICY_SET_FLAGS and
 *        NSS_KEY_SIZE_POLICY_CLEAR_FLAGS it is a bit mask that is OR-ed
 *        into, respectively cleared from, the current key-size policy flags.
 *
 * Returns SECSuccess when the option was stored. Returns SECFailure with
 * SEC_ERROR_POLICY_LOCKED when NSS_IsPolicyLocked() reports a locked
 * policy, and SECFailure with SEC_ERROR_INVALID_ARGS for an unknown
 * identifier.
 *
 * NOTE(review): the policy-lock check is the only gate in this function.
 * `value` is stored as given, with no range check, so until the policy is
 * locked a caller can lower a minimum key size or widen the TLS/DTLS
 * version bounds. Any validation has to happen in the caller or at the
 * point where the option is consumed.
 */
SECStatus
NSS_OptionSet(PRInt32 which, PRInt32 value)
{
    PRInt32 *slot = NULL;

    /* Refuse every write once the policy has been locked. */
    if (NSS_IsPolicyLocked()) {
        PORT_SetError(SEC_ERROR_POLICY_LOCKED);
        return SECFailure;
    }

    /* Pick the field a plain assignment goes to; the flag-mask options and
     * the unknown-identifier case finish inside the switch. */
    switch (which) {
        case NSS_RSA_MIN_KEY_SIZE:
            slot = &nss_ops.rsaMinKeySize;
            break;
        case NSS_DH_MIN_KEY_SIZE:
            slot = &nss_ops.dhMinKeySize;
            break;
        case NSS_DSA_MIN_KEY_SIZE:
            slot = &nss_ops.dsaMinKeySize;
            break;
        case NSS_TLS_VERSION_MIN_POLICY:
            slot = &nss_ops.tlsVersionMinPolicy;
            break;
        case NSS_TLS_VERSION_MAX_POLICY:
            slot = &nss_ops.tlsVersionMaxPolicy;
            break;
        case NSS_DTLS_VERSION_MIN_POLICY:
            slot = &nss_ops.dtlsVersionMinPolicy;
            break;
        case NSS_DTLS_VERSION_MAX_POLICY:
            slot = &nss_ops.dtlsVersionMaxPolicy;
            break;
        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
            slot = &nss_ops.pkcs12DecodeForceUnicode;
            break;
        case NSS_DEFAULT_LOCKS:
            slot = &nss_ops.defaultLocks;
            break;
        case NSS_KEY_SIZE_POLICY_FLAGS:
            slot = &nss_ops.keySizePolicyFlags;
            break;
        case NSS_ECC_MIN_KEY_SIZE:
            slot = &nss_ops.eccMinKeySize;
            break;
        case NSS_KEY_SIZE_POLICY_SET_FLAGS:
            /* Turn on the bits in value, keep the others. */
            nss_ops.keySizePolicyFlags |= value;
            return SECSuccess;
        case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS:
            /* Turn off the bits in value, keep the others. */
            nss_ops.keySizePolicyFlags &= ~value;
            return SECSuccess;
        default:
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            return SECFailure;
    }

    *slot = value;
    return SECSuccess;
}
    104 
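/*
 * Read the current value of one NSS option.
 *
 * which: option identifier (one of the NSS_* / __NSS_* cases below).
 * value: out parameter that receives the option value; must not be NULL.
 *
 * Returns SECSuccess and writes *value for a known identifier. Returns
 * SECFailure with SEC_ERROR_INVALID_ARGS, leaving *value untouched, when
 * value is NULL or the identifier is unknown. Setting the error code on
 * failure matches NSS_OptionSet(), so a caller that inspects the error
 * after a failed query does not see a stale code from an earlier call.
 *
 * Reads are not gated by the policy lock; only NSS_OptionSet() checks it.
 */
SECStatus
NSS_OptionGet(PRInt32 which, PRInt32 *value)
{
    SECStatus rv = SECSuccess;

    /* Reject a missing out parameter instead of dereferencing it. */
    if (value == NULL) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return SECFailure;
    }

    switch (which) {
        case NSS_RSA_MIN_KEY_SIZE:
            *value = nss_ops.rsaMinKeySize;
            break;
        case NSS_DH_MIN_KEY_SIZE:
            *value = nss_ops.dhMinKeySize;
            break;
        case NSS_DSA_MIN_KEY_SIZE:
            *value = nss_ops.dsaMinKeySize;
            break;
        case NSS_TLS_VERSION_MIN_POLICY:
            *value = nss_ops.tlsVersionMinPolicy;
            break;
        case NSS_TLS_VERSION_MAX_POLICY:
            *value = nss_ops.tlsVersionMaxPolicy;
            break;
        case NSS_DTLS_VERSION_MIN_POLICY:
            *value = nss_ops.dtlsVersionMinPolicy;
            break;
        case NSS_DTLS_VERSION_MAX_POLICY:
            *value = nss_ops.dtlsVersionMaxPolicy;
            break;
        case __NSS_PKCS12_DECODE_FORCE_UNICODE:
            *value = nss_ops.pkcs12DecodeForceUnicode;
            break;
        case NSS_DEFAULT_LOCKS:
            *value = nss_ops.defaultLocks;
            break;
        case NSS_KEY_SIZE_POLICY_FLAGS:
        case NSS_KEY_SIZE_POLICY_SET_FLAGS:
            /* Both identifiers report the flags that are currently set. */
            *value = nss_ops.keySizePolicyFlags;
            break;
        case NSS_KEY_SIZE_POLICY_CLEAR_FLAGS:
            /* The complement: the bits that are currently clear. */
            *value = ~nss_ops.keySizePolicyFlags;
            break;
        case NSS_ECC_MIN_KEY_SIZE:
            *value = nss_ops.eccMinKeySize;
            break;
        default:
            PORT_SetError(SEC_ERROR_INVALID_ARGS);
            rv = SECFailure;
            break;
    }

    return rv;
}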
    153 }